We were sick of customers complaining about being forced to create and account, so we enabled anonymous checkout.
What happened? No orders, and people complaining about problems checking out.
When anonymous checkout is enabled, the customer has to check the box to checkout without an account.
People with a small screen ignore/don't understand what's written there, so they don't enter a password, and just skip to the credit card section.
When they hit pay, red text comes up saying you >must< enter a password, but the page does not scroll up to this error, and people *feel* they are getting conflicting information if they do read that error even if they see the check box for anonymous checkout.
I thought about setting the value of the password box to "password" until I realize anyone would be able to log into almost anyone Else's account this way.
Then I got to thinking that some randomly generated password would do, but what code to use to generate it and set it to both password boxes?
This seems like an OK way to go about checking out by default, and getting a random password if they choose not to enter anything, and they can always reset their password if they ever decide to login.
Using brute force to guess random ly generated passwords, especially with capcha enabled isn't worth it for most people considering how little is available in the account info, as opposed to having everyone's' password be password
Random password for new customer
-
bigbangtech
- Commander (CMDR)
- Posts: 182
- Joined: Mon Oct 10, 2005 6:27 pm
-
igavemybest
- Captain (CAPT)
- Posts: 388
- Joined: Sun Apr 06, 2008 5:47 pm
Re: Random password for new customer
I have used this code for other things...When the user enters their email address a password is auto generated on this address and then details entered into database. Hope you can take what you need from this and get it to work.
I am thinking you should have the "lost password" auto triggered by the payment so they have their password to log back in with.
I am thinking you should have the "lost password" auto triggered by the payment so they have their password to log back in with.
Code: Select all
<%@ Page Language="VB" %>
<script runat="server">
' Insert page code here
Function AddUser(ByVal userName As String, ByVal userSurname As String, ByVal userCompany As String, ByVal userAddress As String, ByVal userPostcode As String, ByVal userEmail As String, ByVal userStatus As String) As Integer
Dim connectionString As String = "server='localhost'; user id='sa'; password=''; database=''"
Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionString)
Dim queryString As String = "INSERT INTO [Regs] ([UserName], [UserSurname], [UserCompany], [UserAddress], [UserPostcode], [UserEmail], [UserStatus]) VALUES (@UserName,"& _
" @UserSurname, @UserCompany, @UserAddress, @UserPostcode, @UserEmail, @UserStatus)"
Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand
dbCommand.CommandText = queryString
dbCommand.Connection = dbConnection
Dim dbParam_userName As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userName.ParameterName = "@UserName"
dbParam_userName.Value = userName
dbParam_userName.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userName)
Dim dbParam_userSurname As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userSurname.ParameterName = "@UserSurname"
dbParam_userSurname.Value = userSurname
dbParam_userSurname.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userSurname)
Dim dbParam_userCompany As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userCompany.ParameterName = "@UserCompany"
dbParam_userCompany.Value = userCompany
dbParam_userCompany.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userCompany)
Dim dbParam_userAddress As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userAddress.ParameterName = "@UserAddress"
dbParam_userAddress.Value = userAddress
dbParam_userAddress.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userAddress)
Dim dbParam_userPostcode As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userPostcode.ParameterName = "@UserPostcode"
dbParam_userPostcode.Value = userPostcode
dbParam_userPostcode.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userPostcode)
Dim dbParam_userEmail As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userEmail.ParameterName = "@UserEmail"
dbParam_userEmail.Value = userEmail
dbParam_userEmail.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userEmail)
Dim dbParam_userStatus As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter
dbParam_userStatus.ParameterName = "@UserStatus"
dbParam_userStatus.Value = userStatus
dbParam_userStatus.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_userStatus)
Dim rowsAffected As Integer = 0
dbConnection.Open
Try
rowsAffected = dbCommand.ExecuteNonQuery
Finally
dbConnection.Close
End Try
Return rowsAffected
End Function
Sub Button1_Click(sender As Object, e As EventArgs)
If AddUser(txtUserName.Text, txtUserSurname.Text, txtUserCompany.Text, txtUserAddress.Text, txtUserPostcode.Text, txtUserEmail.Text, iblUserMember.SelectedValue) > 0
Message.Text = "Success"
Else
Message.Text = "Failure"
End If
End Sub
Sub Button2_Click(sender As object, e As EventArgs)
Response.Redirect("reg.aspx")
End Sub
</script>
<html>
<head>
</head>
<body>
<form method="post" runat="server">
<p>
</p>
<p>
<table height="300" width="300">
<tbody>
<tr>
<td>
<asp:Label id="Label1" runat="server">First Name</asp:Label></td>
<td>
<p>
<asp:TextBox id="txtUserName" runat="server"></asp:TextBox>
</p>
</td>
<td>
<asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server" ErrorMessage="Your first name is required" ControlToValidate="txtUserName" Width="242px">
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<asp:Label id="Label2" runat="server">Surname</asp:Label></td>
<td>
<p>
<asp:TextBox id="txtUserSurname" runat="server"></asp:TextBox>
</p>
</td>
<td>
<asp:RequiredFieldValidator id="validSurname" runat="server" ErrorMessage="Please do not leave blank" ControlToValidate="txtUserSurname" Width="242px">
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<asp:Label id="Label3" runat="server">Company</asp:Label></td>
<td>
<p>
<asp:TextBox id="txtUserCompany" runat="server"></asp:TextBox>
</p>
</td>
<td>
<asp:RequiredFieldValidator id="validCompany" runat="server" ErrorMessage="Please do not leave blank" ControlToValidate="txtUserCompany">
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<asp:Label id="Label5" runat="server">Address</asp:Label></td>
<td>
<p>
<asp:TextBox id="txtUserAddress" runat="server"></asp:TextBox>
</p>
</td>
<td>
<asp:RequiredFieldValidator id="validAddress" runat="server" ErrorMessage="Address is required" ControlToValidate="txtUserAddress">
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<asp:Label id="Label6" runat="server">Post Code</asp:Label></td>
<td>
<p>
<asp:TextBox id="txtUserPostcode" runat="server"></asp:TextBox>
</p>
</td>
<td>
<asp:RequiredFieldValidator id="validPostcode" runat="server" ErrorMessage="Postcode is required" ControlToValidate="txtUserPostcode">
</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td>
<p>
<asp:Label id="Label7" runat="server">Email</asp:Label>
</p>
</td>
<td>
<asp:TextBox id="txtUserEmail" runat="server"></asp:TextBox>
</td>
<td>
<asp:RequiredFieldValidator id="validEmail1" runat="server" ErrorMessage="Email is required" ControlToValidate="txtUserEmail">
</asp:RequiredFieldValidator>
<asp:RegularExpressionValidator id="validEmail" runat="server" ErrorMessage="Please enter a valid email address" ValidationExpression="\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" ControltoValidate="txtUserEmail">
</asp:RegularExpressionValidator>
</td>
</tr>
<tr>
<td>
<p>
<asp:Label id="Label4" runat="server">Status</asp:Label>
</p>
</td>
<td>
<asp:dropdownlist id="iblUserMember" runat="server">
<asp:listitem>Clients</asp:listitem>
<asp:listitem>Developers</asp:listitem>
<asp:listitem>Estate Agents</asp:listitem>
</asp:dropdownlist>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
<p>
</p>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
<p>
<asp:Label id="Message" runat="server" forecolor="red" ></asp:Label>
</p>
</td>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td>
<p>
<asp:Button id="Button1" onclick="Button1_Click" runat="server" Text="Submit"></asp:Button>
</p>
<p>
<asp:Button id="Button2" onclick="Button2_Click" runat="server" Text="Reset"></asp:Button>
</p>
</td>
<td>
</td>
<td>
</td>
</tr>
</tbody>
</table>
</p>
<p>
</p>
<p>
<asp:ValidationSummary id="Validsummary" runat="server" HeaderText="Errors are as follows:" Display="Dynamic" EnableClientScript="false" ShowMessageBox="True">
</asp:ValidationSummary>
</p>
</form>
</body>
</html>
-
igavemybest
- Captain (CAPT)
- Posts: 388
- Joined: Sun Apr 06, 2008 5:47 pm
Re: Random password for new customer
Actually...instead of going through all that, this should work also. It will generate a password 6 characters long with only numbers and letters (for simplicity) on page load and apply it to the textbox. Let me know if this works 
using System; (top of page)
using System; (top of page)
Code: Select all
protected void Page_Load(object sender, EventArgs e)
{
var id = Guid.NewGuid().ToString();
TextBox1.Text = id.Replace("-", null).Substring(0, 6);
}